Website developers and owners must remain vigilant to the emerging threats in Joomla and its ecosystem of extensions and templates. Use the Joomla security resources below to learn the best methods of building and maintaining safer websites.

1. Joomla security checklist

The Joomla Security Checklist is the perfect place to start when it comes to maintaining a secure Joomla website.

The list includes great advice for choosing a secure web host, managing file permissions, optimal Joomla configuration, what to do if you have been hacked, and more.

Be sure to take some time to read through and understand the basics of each section.

Joomla also provides a number of additional security resources on their general Joomla Security page that are a great way to grow your security knowledge.

2. Joomla vulnerability listings

Monitoring when Joomla vulnerabilities are reported is another way to stay on top of developing security news. Joomla vulnerabilities are reported in two different places:

• The Joomla Security Network publishes security information included in official releases of the Joomla core.
  • RSS feed of resolved vulnerabilities in the Joomla core
• The Vulnerable Extensions List (VEL) catalogs all of the known exploits in 3rd-party Joomla extensions.
  • RSS feed of active extension vulnerabilities
  • RSS feed of resolved extension vulnerabilities

Monitor these Joomla vulnerabilities by setting up a push notification (email, Slack, etc…) using the RSS integration at Zapier or adding the RSS feeds to your feed reader.

3. Security articles in the Joomla Community Magazine

The Joomla Community Magazine can be a great resource for security information and advice. We recommend that you regularly visit for security-related posts such as:

• 10 Minutes to Protect Against Disaster
• How to Strengthen your Administrator Password
• Website Monitoring, Backup, and Two Cups of Coffee
• 10 Arguments That Threaten the Security of Your Website
• Investing in HTTPS is Crucial to Your Joomla Site’s Integrity
• Top 10 stupidest administrator tricks

4. Google alerts

The internet is continually publishing new items on website security and Joomla of course is a common topic. We recommend that you regularly head over to your favorite search engine and search for “Joomla security” and filter for recent articles. For example:

• Joomla Security Best Practices to Follow for Fortified Websites (2021)
• 10 Best Practices to Secure and Harden Joomla Web Site (2021)
• Introduction to Joomla Security (2019)
• Complete 10 Step Guide to Joomla Security (2017)

Using Google Alerts to be notified of new articles on this topic may be helpful.

Here at Watchful we’ve also written extensively about security. For example:

• We use Cloudflare on every website we manage. You should too.
• Are new admin accounts a sign of website intrusion?
• How to bulletproof your web agency security policy
• 7 tips to improve the security of your Joomla template
• Security Best Practices for Joomla Webdesign Agencies.
• 3 quick tasks to harden your website with a Joomla security extension

5. Official Joomla Security forums

If you’ve read this far, and followed the links above, you’re well on your way to being able to maintain a safe and secure Joomla website. But if you still have questions, be sure to pose a question in the security forums at Joomla.org.

Separate boards are maintained for Joomla 1.5, 2, 3 and 4 security. Be sure to post in the correct place, and never ever post any personal information about your site or server.